j_haff
asked on
domain time not syncing
i have a single domain with 3 sites. everything is working fine except that at site 2 the time on the local domain controller will not sync with the PDC at site 1.
each site has it's own domain controller. site 1 is connected to site 2 via private line. site 1 is connected to site 3 via VPN at our firewalls. site 2 and 3 cannot communicate directly.
users on the domain at site 2 are pulling incorrect time from the DC at site 2. on the DC at site 2 a w32tm /monitor recognizes a time mismatch between it and the PDC at site 1, but a resync does not fix the issue.
i went ahead and added the PDC at site 1 as a manually added peer, but resyncing still does not fix the issue...
to temporarily fix the issue i did a net time \\DC@site1 /set. i've had to do this twice within the last 3 months. any ideas why the DC at site 2 is not pulling time correctly? i've checked and UDP traffic on port 123 is allowed across our private link, so its not a traffic/routing/networking
many thanks in advance.
each site has it's own domain controller. site 1 is connected to site 2 via private line. site 1 is connected to site 3 via VPN at our firewalls. site 2 and 3 cannot communicate directly.
users on the domain at site 2 are pulling incorrect time from the DC at site 2. on the DC at site 2 a w32tm /monitor recognizes a time mismatch between it and the PDC at site 1, but a resync does not fix the issue.
i went ahead and added the PDC at site 1 as a manually added peer, but resyncing still does not fix the issue...
to temporarily fix the issue i did a net time \\DC@site1 /set. i've had to do this twice within the last 3 months. any ideas why the DC at site 2 is not pulling time correctly? i've checked and UDP traffic on port 123 is allowed across our private link, so its not a traffic/routing/networking
many thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It should be pointed out the Announce Flags on your PDCe should be set to 5. All other DCs should be set to 10.
Also, how far out of time are they?
MaxAllowedPhaseOffset 300
This means they will not synch unless they are +/- 5 minutes out of synchronization.
MaxAllowedPhaseOffset 300
This means they will not synch unless they are +/- 5 minutes out of synchronization.
setup debugging on window time
http://support.microsoft.com/kb/816043
this will create log files and you can tell if its pulling the time from the right place
w32tm /query /status to see what its doing
then
w32tm /monitor /computers:dc2.domain.com,
or with a nice easy display
w32tm /stripchart /computer:<remote computer>